Knight Talks Tech

Introduction to cyber security – Week 2, Authentication

Passwords – what are they for?

Identification and authentication – Systems need to uniquely identify each user and prevent impersonation.

Risks and solutions

Attacking passwords

Methods

Prevention

Salting

Adding a random value (salt) to the plaintext password before hashing.
The hashed password and the salt are stored on the password server.
A different random salt is required for each password to make the process effective.
It is advisable to use a salt the same size as the hash output, e.g. a 256-bit hash should use a 256-bit salt.
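
The salting steps above as a runnable sketch. This is an added example, not code from the course: the function names, user names and passwords are constructed for illustration. Plain SHA-256 is used to mirror the notes; real systems use a deliberately slow password-hashing function such as scrypt or PBKDF2 with the same per-password salt.

```python
import hashlib
import hmac
import secrets
from typing import Dict, List, Optional, Tuple

SALT_BYTES = 32  # 256-bit salt to match SHA-256's 256-bit output

Record = Tuple[bytes, bytes]  # (salt, digest) as stored on the password server


def hash_password(password: str, salt: Optional[bytes] = None) -> Record:
    """Return (salt, digest); a fresh random salt is drawn when none is given."""
    if salt is None:
        salt = secrets.token_bytes(SALT_BYTES)
    digest = hashlib.sha256(salt + password.encode("utf-8")).digest()
    return salt, digest


def verify_password(password: str, salt: bytes, stored: bytes) -> bool:
    """Re-hash the candidate with the stored salt and compare in constant time."""
    _, candidate = hash_password(password, salt)
    return hmac.compare_digest(candidate, stored)


def table_hits(records: Dict[str, Record], table: Dict[bytes, str]) -> List[str]:
    """Users whose stored digest appears in a precomputed unsalted-hash table."""
    return sorted(u for u, (_, digest) in records.items() if digest in table)


def demo() -> Dict[str, object]:
    # Constructed sample data: two users who picked the same password.
    password = "correct horse"
    plain = hashlib.sha256(password.encode("utf-8")).digest()
    unsalted = {u: (b"", plain) for u in ("alice", "bob")}
    salted = {u: hash_password(password) for u in ("alice", "bob")}
    # Constructed precomputed table: unsalted hashes of common passwords.
    common = ("123456", "correct horse")
    table = {hashlib.sha256(p.encode("utf-8")).digest(): p for p in common}
    return {
        "unsalted_hits": table_hits(unsalted, table),   # both users exposed
        "salted_hits": table_hits(salted, table),       # table is useless
        "salted_digests_differ": salted["alice"][1] != salted["bob"][1],
        "login_ok": verify_password(password, *salted["alice"]),
        "wrong_rejected": not verify_password("wrong", *salted["alice"]),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```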

How to pick a proper password

Password strength checker – https://www2.open.ac.uk/openlearn/password_check/index.html

Password manager

Two-factor authentication

